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Abstract 

In this paper we will give a global description of the Frobenius for 
the division fields of an elliptic curve E which is strictly analogous to 
the cyclotomic case. This is then applied to determine the splitting of a 
prime p in subfields of such a division field. Such fields include a large 
class of non-solvable quintic extensions and our application provides an 
arithmetic counterpart to Klein's "solution" of quintic equations using 
elliptic functions. A central role is played by the discriminant of the ring 
of endomorphisms of the elliptic curve reduced modulo p. 



Introduction 

Given a Galois extension L/K of number fields with Galois group G, a funda- 
mental problem is to describe the (unramified) primes p of K whose Frobenius 
automorphisms lie in a given conjugacy class C of G. In particular, all such 
primes have the same splitting type in a sub-extension of L/K. In general, all 
that is known is that the primes have density |C|/|G| in the set of all primes, 
this being the Chebotarev theorem. 

For L/K an abelian extension Artin reciprocity describes such primes by 
means of their residues in generalized ideal classes of K . In the special case 
that L is obtained explicitly by adjoining to K the q-ih division points of the 
unit circle we have that G C GL(l,q) — (Z/gZ)* and the Frobenius of p is 
determined by the norm N(p) modulo q. If K = Q (cyclotomic fields) we have 
that G — GL(1, q) and any abelian extension of Q occurs as a sub-field of such 
an L for a suitable q (Kronecker- Weber). Here the Chebotarev theorem reduces 
to the prime number theorem in arithmetic progressions. 

In a similar manner an elliptic curve E over K gives rise to its g-th division 
field L q by adjoining to K all the coordinates of the g-torsion points. Now L q is 
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a (generally non-abelian) Galois extension of K with Galois group G, a subgroup 
of GL(2,Z/qZ) (see Q). In this paper we will give a global description of the 
Frobenius for the division fields of an elliptic curve E which is strictly analogous 
to the cyclotomic case. This is then applied to determine the splitting of primes 
in fields contained in L q or, as we shall say, uniformized by E. As observed by 
Klein (sec such fields include a large class of non-solvable quintic extensions. 
Our aim in this application is to provide an arithmetic counterpart to Klein's 
"solution" of quintic equations using elliptic functions. 

By using CM curves we may uniformizc all abelian extensions of imaginary 
quadratic fields. A classical application here is the result of Gauss that 

x 3 - 2 

factors completely modulo a prime p > 3 if and only if 

p = x 2 + 27y 2 

for integers x and y (see One way to derive this is to determine the 

Frobenius class of p in the field obtained by adjoining to Q the x-coordinates of 
the 3-division points of the elliptic curve given by 

y 2 = x 3 - 15a; + 22, 

which has CM by the quadratic order of discriminant -12. 

Analogous results for non-solvable quintics require non-CM curves. Consider 
the quintic 

f(x) = x 5 + 90x 3 + 3645x - 6480 

which has discriminant (2) 12 (3) 16 (5) 5 (7) 6 . Its splitting field has Galois group 
S*5 over Q. It follows from the results of this paper that f{x) factors completely 
modulo p > 7 if and only if 

p = x 2 - 25A p y 2 

where A p is the discriminant of the ring of endomorphisms of the elliptic curve 

y 2 = x(x — l)(x — 3) 

reduced mod p. The first two such primes are 1259 and 1951 for which A1259 = 
—31 and A1951 = —51 and where 

1259 = (22) 2 + 25- 31 • l 2 

and 

1951 = (26) 2 + 25- 51 • l 2 . 

As may be checked, 

f{x) = (x + 734)(x + 322)(x + 26)(x + 851)(x + 585) mod 1259 
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and 



f(x) = (x + 1029) (ac + 1222) (a; + 839)(ir + 1771)(as + 992) mod 1951. 

In the non-CM case A p is not determined by arithmetic progressions in p. A 
goal of this paper is to complement that of Shimura |l5|| by pointing out the 
role of A p in such questions. 

Acknowledgement: We would like to thank N. Katz for his helpful comments. 

Outline of results. 

Given an elliptic curve E defined over a number field K and a prime ideal p in 
Ok. of good reduction for E we shall define an integral matrix [p] of determinant 
N(p) whose reduction modulo q gives the action of the Frobenius for L q , the 
g-th division field of E. Let a p be defined as usual by 

#E p (k)=N(p)-a p + l (1) 

where E p is the reduction of E at p and is defined over k, the residue field of p 
which satisfies #fc = N(p) = p n . 

Let R be the ring of those endomorphisms of E that are rational polynomial 
expressions of the Frobenius endomorphism If (j) p is multiplication by an 
integer R = Z and we define A p = 1 and b p = 0. Otherwise the ring R is 
the centralizer of the Frobenius endomorphism in the endomorphism ring of E p 
over k and is an imaginary quadratic order whose discriminant we denote by 
A p . Then we shall see that p does not divide the conductor m of A p and that 
there is a unique non-negative integer b p so that 

4A(p) = a 2 p - A p b 2 p . (2) 

We associate to p the following integral matrix of determinant N(p): 



r„l _ \( a P +b p S p )/2 b p 
m [b p {A p -5 p )/4: {a p -b p 5 p )/2 

where for a discriminant A we have (5 = 0,1 according to whether A = 0, 1 mod 
4. We shall show that [p] gives a global representation of the Frobenius class 
over p for each q-th division field of E by reducing it modulo q, provided p is 
prime to q. 

Theorem 1. Let E be an elliptic curve defined over a number field K and 
q > 1 an integer. Let L q be the q-th division field of E with Galois group G 
over K . Let p be a prime of good reduction for E with N(p) prime to q. Then 
p is unramified in L q and the integral matrix [p] defined in (0), when reduced 
modulo q, represents the class of the Frobenius of p in G. 



(3) 
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The proof we give of this uses the theory of canonical lifts of endomorphisms 
due originally to Deuring. 

In analogy with the cyclotomic case, we have associated to each curve a 
sequence of prime power matrices, defined in terms of arithmetic data from the 
reduced elliptic curve which give the Frobenius in all of the division fields. Let 
C be a conjugacy class of G and let tte(X; q, C) be the number of primes p of 
good reduction with N(p) < X such that [p] = Co mod q for some Co G C. By 
the Chebotarev theorem fj| we derive the following strict analogue of the prime 
number theorem in progressions for the sequence [p] : 

n E (X;q,C)~ l -^n K (X) 

as X — > oo, where ttk(X) counts all primes of K with N(p) < X. 

Of more interest for us here is the fact that the splitting type of p in any 
field between K and the q-ih division field L q is determined by [p] mod q. For 
example we get immediately a criterion for complete splitting in the full division 
field in terms of the invariants a p and bp modulo q, provided q is odd. 

Corollary 1. Let E be an elliptic curve defined over a number field K and 
q > 1 an odd integer. Then p a prime of good reduction for E with N(p) prime 
to q splits completely in L q if and only if a p = 2 mod q and bp = mod q. 



For a discriminant A let 

Qa(x, y)=x 2 + Sxy - ((A - 5)/A)y 2 

be the principal form where S = 0, 1 according to whether A = 0, 1 mod 4. For 
p a prime of good reduction for E we get a representation 

N(p) = Q Af (x,y) (4) 

with integral x, y upon using the change of variables 

x = (dp - b p Sp)/2 y = b p (5) 

in (2). This representation is primitive if p is ordinary. Let be the extension 
of K obtained by adjoining only the Weber functions of the g-th division points, 
that is the ^-coordinates unless j(E) — or j(E) = 1728, in which case we 
must first cube or square the coordinates, respectively. By Theorem 1 we may 
determine which sufficiently large ordinary primes split completely in from 
any such primitive representation. 

Corollary 2. Let E be an elliptic curve defined over a number field K as above 
and q > 1 an integer. Then there is a constant Co depending only on E and q 
so that for every ordinary prime p of K with N(p) > Co we have that p splits 
completely in if and only if x = ±1 mod q and y = mod q in any primitive 
representation 

N(p)=Q Ap (x,y). 
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If E has CM by the ring of integers in an imaginary quadratic field of dis- 
criminant A then the splitting completely condition in becomes simply 

N(p) = Q A (x,y) 

with integers x = ±1 mod q and y = mod q. Actually, suppose we take for 
E the elliptic curve with lattice given by the ring of integers of an imaginary 
quadratic field F of discriminant A and take K = F(j(E)), the Hilbert class 
field of F. It follows from Corollary 2 that a sufficiently large rational prime 
p splits in L+ iff p = Q A (x,y) with integers x = ±1 mod q and y = mod q. 
This is a well known result of CM theory. 

Another simple consequence in the CM case, this time of Corollary 1, is that 
the conditions 

#E p (k) = mod q 2 and N(p) = 1 mod q, 

which are clearly necessary for p of good reduction to split completely in L q , 
are also sufficient, at least when q is odd. 

Our main application is to describe the primes which split completely in 
certain non-solvable quintic extensions M/K. Suppose M is given by adjoining 
to K a solution of a principal quintic over K: 

f(x) = x b + ax 2 + bx + c = 

and that the discriminant of / is D. Suppose further that the Galois group of 
the normal closure L of M is S$ and that \/5Z) e K. 

Theorem 2. Let M/K be a non- solvable quintic extension as above. There 
exists an elliptic curve E defined over K so that a prime p of K which has good 
reduction for E and is prime to 5 splits completely in M if and only if 



bp = mod 5 

where bp is associated to the elliptic curve E. 

In general we have the following determination of the splitting type of p: 



Splitting type of p in M 


|X-4^V(p)j 








1 


1 




(1)(4) 


1 


-1 




(1) 2 (3) 


-1 


1 




(1)»(2) 


-1 


-1 


if 5 a p 


(2)(3) 


-1 


-1 


if 5 lap 


(5) 





if 5 )(b p 


(1)* 





if 5|6 P 



Concerning the determination of E from /, it is enough to find the j-invariant of 
E. Explicit computations are provided below. We remark that it is also possible 
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to formulate a similar result for A$ extensions of K under otherwise identical 
assumptions. Furthermore, by allowing the elliptic curve to be defined over a 
quadratic or a biquadratic extension of K one may uniformize all non-solvable 
quintic extensions. 

It is also possible to explicitly uniformize certain degree 7 extensions whose 
normal closure have Galois group simple of order 168 by using the seventh 
division fields of elliptic curves (see |llj and the references cited there.) By 
Theorem 1 one may similarly characterize the primes with a given splitting 
type in such extensions. 



A global representation of the Frobenius 

In this section we will prove Theorem 1 and its corollaries using an approach 
that compares the action of the Frobenius on the prime-to p division points with 
the action of the matrix (||) on Z 2 . 

Let E be an elliptic curve defined over a number field K. Let p be a prime 
ideal in Ok. with residue field k E p , the reduction of E mod p (it is assumed that 
E has good reduction at p). That p is unramified in the field L q is well known, 
see e.g. O] VII. §4. Also note that there is nothing to prove when (j> v G Z, so we 
will assume throughout that this is not the case. The idea of the proof is that 
modulo p the curve E can be replaced by a curve E with complex multiplication 
so that the following diagram commutes: 



E [q] Ep [q] E[q] 



I < 6 > 



E[q] £,[,] E[ 9 ] 

where as usual [q] stands for the q-division points on the curves in the algebraic 
closures of the appropriate fields. 

We now explain this diagram in detail. To simplify matters we fix a Weier- 
strass equation for E as in juj III.§1. Let K, k be the algebraic closures of 
K, k. To specify the horizontal maps red we choose an embedding of K into the 
algebraic closure K p of K v , the completion of K at the valuation arising from p. 
We call the subgroup of torsion points whose orders are relatively prime to p the 
p'-torsion. Then the p'-torsion points on E(K) is mapped into the p'-torsion of 
E(Kp) and this being defined over an unramified extension, reduction modulo 
a prime ^ above p maps this latter group into the p'-torsion of E(k). Both of 
these maps are isomorphisms on p' torsion. This is the map red for reduction, 
though as explained above it depends on many choices. Note that after these 
choices are made there is a unique element F p £ Gal(K^ nram / K v ) that satisfies 
F p (t) = t* k mod <P, for all t G K^ nram . 

We are interested in the action of the Frobenius automorphism <f>p G Gal(k/k) 
on the fc-valued points. In terms of the Weierstrass equation for E, this action 



G 



on the coordinates is simply (x,y) t— > (x# k ,y# k ). By abuse of notation we also 
denote this action and the restriction of it to the g-division points by <p p . 

Now the commutativity of the left half of the diagram is merely a restatement 
of the choices made above. 

By Deuring's lifting theorem (Q, || p. 184), there exists an elliptic curve E 
defined over K p and an endomorphism (f> p of E so that E reduces to E p modulo 
pOp and that 4> p £ End(E) reduces to (p p £ End(E p ). If E is super-singular <f> p 
will be defined over a ramified extension. Reduction still makes sense since <j) p 
is an endomorphism and not a Galois automorphism. 



This shows the commutativity of the right half of diagram 




To prove our theorem we need to determine the endomorphism ring S of 
E. Recall that the ring R p defined in the introduction is the centralizer of (f> p 
in the endomorphism ring of E p and is a quadratic order. We claim that S is 
isomorphic to R. Since R C S, Deuring's reduction theorem implies equality if 
we can show that the conductor of R is prime to N(p), a fact that is trivial in 
the ordinary case and follows from [fl8| in the super-singular case. 

Let A p be the discriminant of R p . By choosing a complex square root of A p 
we identify R p with a lattice in C. After this identification (f> p corresponds to 
some complex number (f> = (a p + 6 p ^/A p )/2. Clearly the lattice R is preserved 
by multiplication by <p an d leads to the integral matrix (3), where we may choose 
b p > 0. Instead of R one could in fact use any lattice whose endomorphism ring 
is R. 

To finish the proof of Theorem 1, consider an embedding a of the algebraic 
closure of K p into C. It allows us to view E as an elliptic curve over the 
complex numbers, that we denote E a . Since E a has complex multiplication 
by R and Gal(C/Q) acts transitively on the set of elliptic curves with R as its 
endomorphism ring, we may and will assume the j(E a ) = j(R). 

By choosing a non-trivial holomorphic differential w on E a appropriately 
the lattice of periods {J^oj : 7 £ Hi(E a ,Z} = R. Then the period mapping 

n : E a — * C/R is a biholomorphic isomorphism of complex analytic manifolds. 
The action of <p p on E defines an endomorphism of E a and gives rise to a map 
tf>* on R. Since the Frobenius automorphism <p p satisfies a quadratic equation 



tf p -a p ^ p + N(p) = 0. (7) 

<p* can be identified with multiplication by one of the complex roots of this 
equation i.e. multiplication by <j> : R — > R (viewed as complex numbers). Get- 
ting back to the g-division points we can again summarize the situation in the 
following diagram: 
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EM 



EM 



E a [g] R/qR 



E a [q] R/qR 



(8) 



where g x II is the period map followed by multiplication by q. This proves 
Theorem 1. 



Remark: If E is replaced by an Abelian variety V then the unramifiedness of 
p still holds Jl6| and the left square of diagram ^ makes sense. If in addition 
V has ordinary reduction at p then the right square in diagram ^ generalizes 
as shown by Delignc j| (and therefore the whole proof works). However the 
general case leads to substantial difficulties 10 . 



Corollary 1 is an immediate consequence of Theorem 1. 



We now prove Corollary 2. Let E be an elliptic curve defined over a number 
field K as above and q > 1 an integer. Let p be a prime of ordinary reduction 
for E. Given a primitive representation 

P n = Qa p (x, y) 

we know that x and y are uniquely determined up to (proper or improper) 
automorphs of Qa p - If — A p > 4 and x = ±1 mod q and y = mod q then it 
follows that 



[P] 



£ + Sy y 
tf(A p -<y p )/4 z 



mod g (9) 



and hence that p splits completely in L+. If j = j(E) is not or 1728 then for 
p with N(p) sufficiently large we have that — A p > 4. To see this write j = a/[3 
for a,/3 & O k . We know that j = j(R p ) mod p. If j(R p ) = or 1728 then 
assuming that j — j (R p ) =^ we have 

N(p) < max(\N(a)\, \N(a - 1728/3)1). 

In case j — or j — 1728 the altered definition of leads again to the result. 



Finally we prove the consequence of Corollary 1 mentioned below Corollary 
2 above that, in the CM case, a prime of good reduction p splits completely in 
L q if dp = N(p) + 1 mod q 2 and N(p) = 1 mod q, provided q is odd. Since these 
conditions immediately imply that a p = 2 mod q, by Corollary 1 we only must 
show that q \ bp. By our assumption 

a 2 = (N(p) - l) 2 + 4JV(p) = 47V(p) mod q 2 
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we get, using 

4N(p) = a 2 p - A p b 2 pi 

that 

9 2 I 

For a CM curve with fundamental A the only possible prime dividing the square 
part of Ap is 2. In fact, A p = A for ordinary p and for super-singular p A p = — p 
or — Ap where N(p) — p n . Since q is odd this implies that q | b p . 



Quintics 

In the section we prove Theorem 2 and justify the general splitting criteria given 
after it as well as the example given in the introduction. Let M be given by 
adjoining to if a root of a principal quintic 

f(x) = x 5 + ax 2 + bx + c = 

defined over K. If the discriminant of / is 5 times a square then, by means of a 
Tschirnhausen transformation (|| p. 218.) we may assume that M is determined 
by a Brioschi quintic 

ft(x) = x 5 - 10tx 3 + 45t 2 x - t 2 

for some t £ K with t ^ 0, j^E • ^ was s h° wri by Kiepert Q already in 1879 
(see @ for an exposition) that M is contained in L§ for any elliptic curve E 
over K with ^-invariant 1728 — t~ 1 . Recall that L§ is in this case obtained by 
adjoining to K the x-coordinates of the 5 division points. One may take for 
instance the curve E t given by 

E t : y 2 + xy = x 3 + 36tx + t. 

If the splitting field of / over K is an Sg extension then it must be the fixed 
field of the subgroup of scalars of G since PGL 2 (F 5 ) ~ S§. Theorem 2 now 
follows easily from Theorem 1. 

A calculation of conjugacy classes based on the identification of Sg with 
PGL 2 (F 5 ) leads to the determination of the splitting type of a prime p of good 
reduction for E t which is prime to 5. Recall that A £ Gi^lFs) is called regular 
if it has different eigenvalues. Clearly A is regular if the discriminant of the 
characteristic equation tr(A) 2 — 4 det(A) is non-zero. Given such A its conjugacy 
class is determined by its trace and determinant. It is clear that the values of 
the following Legendre symbols 

/detM)\ , ftr(A) 2 -4det(A)\ 
*={—) and j 

are determined by the conjugacy class of A in PGL2(¥$). Now in case the 
characteristic polynomial of A splits, that is p = 1, the matrix A is conjugate 
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to a diagonal matrix in GL2OF5) and so the value of a already determines the 
cycle type of such matrices. When p = — 1 one must take into account whether 
tr(A) = or ^ mod 5. For A non-regular tr(A) 2 — 4det(A) = and one 
needs to know if A is semi-simple or unipotent. This information cannot be 
extracted from the trace and determinant alone, but it is determined by the 
value of bp. All that remains to be done is to identify each conjugacy classes 
with its cycle type. 

The example in the introduction is obtained by taking K = Q and t = ^sf? • 
Here we observe that since E has four 2-torsion points over Q both a p and b p 
will be even for p with good reduction. Thus the representation 

4p = a 2 p - A p b 2 p 

yields 

P = x 2 - A p y 2 

and the condition for splitting completely is that y = mod 5, since x and y 
are determined uniquely up to sign. 



Some computational issues 

In this section we discuss some of the computational issues which arise when 
considering examples. 

First, given a principal quintic (slightly modified from above) 

f( x ) = x 5 + 5ax 2 + hbx + c = (10) 

defined over K with discriminant D such that y/5D € K we must determine t 
so that the Brioschi quintic 

f t (x) = x 5 - lOtx 3 + 45t 2 x-t 2 . (11) 

determines the same extension. This is done using a Tschirnhausen transfor- 
mation and is described in detail in [Q, p 103. (see also || p. 218.) Here we will 
simply record the result in the case a ^ 0. 
One determines t, A and /i in the map 

A + ^ (12) 



{x 2 /t)-Z 



in order to transform the general principal quintic (nOf) to the Brioschi quintic 
©• 

An analysis using invariant polynomials for the icosahedral group acting on 
the Riemann sphere leads eventually to the quadratic equation for A given by 

(a 4 + abc - b 3 )X 2 - (11a 3 - ac 2 + 2b 2 c)X + 64a 2 6 2 - 27a 3 c - be 2 = 0. 
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The discriminant of this quadratic is 



5- 5 a 2 D 

and so A 6 K. Choose either solution and let 

. _ (aA 2 - 36A - 3c) 3 
^ a 2 (\ac — \b 2 — be) 

Then, provided j ^ 0, 1728 we may take 

t= 1/(1728 -j) 

in ( |Tl| ) and choose for the elliptic curve any curve with this j invariant, say 

E t : y 2 + xy = x 3 + 36tx + t 

as above. Also, one may determine /i in ( p"2| ) to be given by 

^ ja 2 - 8A 3 a - 72A 2 6 - 72Ac 
A 2 a + \b + c ' 

Note that the discriminant of f t is 

D t = 5 5 i 8 (1728i- l) 2 

while that of E t is 

-£(1728t - l) 2 . 

Another issue is to compute the invariants A p and b p in the rational case. 
This problem is mentioned in the Woods Hole seminar on Elliptic curves and 
formal groups by Lubin-Serre-Tate. An important study of A p was made by 
Schoof in ||. 

The most straightforward way to determine b p and to find the order R that 
appears in Deuring's theorem is to check all the possible singular invariants until 
we find one that is congruent to the given j-value modulo p. (Note that the 
discriminant of R must divide a 2 — Ap.) We assume that our input is an elliptic 
curve E 7 given in Weierstrass equation, and p is a prime number that does not 
divide the discriminant of E. After computing a p (a serious task by itself) we 
find A p for an ordinary curve as follows; we first compute the square-free part 
D of a 2 — Ap and then create a vector whose values are all possible discriminants 

A = b 2 D\(a 2 p ~Ap). 

For a possible conductor A, we find the class group C(A) of the proper ideal 
classes (using quadratic forms) and compute the integer 

a a = n (j(^)-i(A)). 

AGC(A) 
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Note that the canonical lift E is distinguished by the fact that its endomorphism 
ring is R and that j(E) = j(E) mod P for some prime P dividing p. Therefore 
for any complex embedding a : Q p — > C, 

a(j(E)) e {i(C/A) : A e C Ap }, 

where A p is the actual discriminant of R. Also note that if A' e Ca' for A' 7^ A p , 
then the corresponding elliptic curve reduces to a curve whose endomorphism 
ring has discriminant A' for any place above p. Therefore A p is uniquely char- 
acterized by the fact that 

Xa p = mod p. 

Occasionally the computation of X\ involves complex numbers of rather 
large size. To make the algorithm efficient, one needs to determine the needed 
precision in advance. Assume that the lattices are given in the form Z + Zrj, 
with n in the upper half plane. Then the number of significant digits one must 
use is approximately 




log(j(£)) + 2TtIm{ n ) 
log(10) 
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